Two exciting breakthroughs in autonomous vehicle cybersecurity, though questions remain

Researchers determine that sensor traffic, such as what's in autonomous vehicles, can be falsified. Discover their proposed solutions to overcome that weakness.

Researchers in academia see the writing on the whiteboard when it comes to autonomous vehicle security, and are working hard to develop technology that will prevent cybercriminals from subverting what amounts to powerful computers that can drive, float, or fly.

One such researcher is Nicola Bezzo, assistant professor of systems and information engineering at the University of Virginia. "About 50 percent of my work is understanding how to detect cyber attacks on modern vehicles, such as the car you drive every day, or robotic systems in airborne vehicles," Bezzo tells Matt Kelly in this University of Virginia press release. "I try to understand the state of these systems, to see if they have been corrupted or not. The other 50 percent of my work is dedicated to making such systems more autonomous and smarter."

Bezzo gets right to the point, telling Kelly that autonomous vehicles are loaded with computerized systems and sensors that work great, adding that autonomous vehicles will be designed and tweaked so as to make them safer than current vehicles when it comes to movement and collision avoidance.

However, there is a caveat according to Bezzo: He suggests that autonomous vehicle manufacturers consider their computing platforms difficult to compromise. "I believe we are never going to be able to solve this problem completely," explains Bezzo. "There is always a way to compromise your systems, to do something that you did not take into account."

Why redundancy might be the answer

Redundancy is what Bezzo suggests to overcome attacks designed to compromise sensor systems or the computing platforms of autonomous vehicles. By using multiple sensors, for instance, the operator would see variations in sensor readings that might indicate an intrusion. Bezzo told Kelly, "If you compare the information from your sensors with others in your system, you can see if something is compromised or not."

A slightly different approach to cybersecurity

Researchers at Texas A&M's Cyberphysical Systems Laboratory are also concerned about sensors. "Sensors are like GPS navigation in the network that gather information about the environment," graduate student Bharadwaj Satchidanandan is quoted as saying in this Texas A&M University press release. He added: "Actuators such as motors, or controls such as the steering wheel, interact with them. If the sensors are corrupted or hijacked by malicious agents through the internet, they can provide false information on vehicle locations resulting in collisions."

The Texas A&M research team headed by Dr. P. R. Kumar, professor in the department of electrical and computer engineering, along with graduate students Woo-Hyun Ko and Bharadwaj Satchidanandan, have figured out how to apply dynamic watermarking to sensor traffic as a way to weed out malicious traffic.

The researchers are able to inject a random private signal called a watermark into traffic sent to the actuators. From the press release: "The presence of this watermark and its statistical properties were known to every node in the system, but its actual random values were not revealed. When the measurements reported by the sensors did not have the right properties of this watermark, the actuators assumed that the sensors or their measurements have been tampered with somewhere along the line. With this new information, the researchers could predict a collision."

In this YouTube video, the researchers show how a tampered autonomous vehicle avoids collisions.

Kumar, Satchidanandan, and Woo-Hyun Ko caution that the ability to falsify sensor information applies in other industries as well. "This is an instance of the broader concern of security of cyberphysical systems," notes Kumar. "The increasing integration of critical physical infrastructures, such as the smart grid or automated transportation, with the cyber system of the internet has led to such vulnerabilities. If these technologies are to be adopted by society, they will need to be protected against malicious attacks on sensors."

Unanswered questions

All the researchers expressed concern, adding there are a significant number of unanswered questions. "A lot of things in my research are about predicting," alludes Professor Bezzo. "What happens if we have a wheel that is deflated or propellers that fall off or the motor stops working or the computer shut down? How long a time do I have before recovering?"

Bezzo also states, "In the end, you are trying to deflect an attacker as fast as you can."

Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays